kdat: Relax loginuid checks

Introduce 3-state mode and check them always. Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com> Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>

kdat: Relax loginuid checks
Introduce 3-state mode and check them always. Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com> Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
ff65b3b9 · Pavel Emelyanov · Andrei Vagin · 08ca20e2 · ff65b3b9 · ff65b3b9
Commit ff65b3b9 authored May 04, 2017 by Pavel Emelyanov Committed by Andrei Vagin May 10, 2017
Showing with 20 additions and 17 deletions

cr-check.c criu/cr-check.c +2 -2

cr-dump.c criu/cr-dump.c +1 -1

cr-restore.c criu/cr-restore.c +3 -3

kerndat.h criu/include/kerndat.h +8 -2

kerndat.c criu/kerndat.c +6 -9

No files found.
--- a/criu/cr-check.c
+++ b/criu/cr-check.c
@@ -1044,10 +1044,10 @@ static int check_userns(void)
 static int check_loginuid(void)
 {
-	if (kerndat_loginuid(false) < 0)
+	if (kerndat_loginuid() < 0)
 		return -1;
-	if (!kdat.has_loginuid) {
+	if (kdat.luid != LUID_FULL) {
 		pr_warn("Loginuid restore is OFF.\n");
 		return -1;
 	}

--- a/criu/cr-dump.c
+++ b/criu/cr-dump.c
@@ -341,7 +341,7 @@ static int dump_pid_misc(pid_t pid, TaskCoreEntry *tc)
 {
 	int ret;
-	if (kdat.has_loginuid) {
+	if (kdat.luid != LUID_NONE) {
 		pr_info("dumping /proc/%d/loginuid\n", pid);
 		tc->has_loginuid = true;

--- a/criu/cr-restore.c
+++ b/criu/cr-restore.c
@@ -762,7 +762,7 @@ static int prepare_proc_misc(pid_t pid, TaskCoreEntry *tc)
 	int ret;
 	/* loginuid value is critical to restore */
-	if (kdat.has_loginuid && tc->has_loginuid &&
+	if (kdat.luid == LUID_FULL && tc->has_loginuid &&
 			tc->loginuid != INVALID_UID) {
 		ret = prepare_loginuid(tc->loginuid, LOG_ERROR);
 		if (ret < 0)
@@ -1815,7 +1815,7 @@ static int prepare_userns_hook(void)
 {
 	int ret;
-	if (!kdat.has_loginuid)
+	if (kdat.luid != LUID_FULL)
 		return 0;
 	/*
 	 * Save old loginuid and set it to INVALID_UID:
@@ -1837,7 +1837,7 @@ static int prepare_userns_hook(void)
 static void restore_origin_ns_hook(void)
 {
-	if (!kdat.has_loginuid)
+	if (kdat.luid != LUID_FULL)
 		return;
 	/* not critical: it does not affect CT in any way */

--- a/criu/include/kerndat.h
+++ b/criu/include/kerndat.h
@@ -14,7 +14,7 @@ extern int kerndat_init(void);
 extern int kerndat_init_rst(void);
 extern int kerndat_get_dirty_track(void);
 extern int kerndat_fdinfo_has_lock(void);
-extern int kerndat_loginuid(bool only_dump);
+extern int kerndat_loginuid(void);
 enum pagemap_func {
 	PM_UNKNOWN,
@@ -23,6 +23,12 @@ enum pagemap_func {
 	PM_FULL,
 };
+enum loginuid_func {
+	LUID_NONE,
+	LUID_READ,
+	LUID_FULL,
+};
 struct kerndat_s {
 	dev_t shmem_dev;
 	int last_cap;
@@ -32,7 +38,7 @@ struct kerndat_s {
 	bool has_fdinfo_lock;
 	unsigned long task_size;
 	bool ipv6;
-	bool has_loginuid;
+	enum loginuid_func luid;
 	bool compat_cr;
 	enum pagemap_func pmap;
 	unsigned int has_xtlocks;

--- a/criu/kerndat.c
+++ b/criu/kerndat.c
@@ -441,22 +441,19 @@ static int get_ipv6()
 	return 0;
 }
-int kerndat_loginuid(bool only_dump)
+int kerndat_loginuid(void)
 {
 	unsigned int saved_loginuid;
 	int ret;
-	kdat.has_loginuid = false;
+	kdat.luid = LUID_NONE;
 	/* No such file: CONFIG_AUDITSYSCALL disabled */
 	saved_loginuid = parse_pid_loginuid(PROC_SELF, &ret, true);
 	if (ret < 0)
 		return 0;
-	if (only_dump) {
+	kdat.luid = LUID_READ;
-		kdat.has_loginuid = true;
-		return 0;
-	}
 	/*
 	 * From kernel v3.13-rc2 it's possible to unset loginuid value,
@@ -469,7 +466,7 @@ int kerndat_loginuid(bool only_dump)
 	if (prepare_loginuid(saved_loginuid, LOG_WARN) < 0)
 		return 0;
-	kdat.has_loginuid = true;
+	kdat.luid = LUID_FULL;
 	return 0;
 }
@@ -585,7 +582,7 @@ int kerndat_init(void)
 	if (!ret)
 		ret = get_ipv6();
 	if (!ret)
-		ret = kerndat_loginuid(true);
+		ret = kerndat_loginuid();
 	if (!ret)
 		ret = kerndat_iptables_has_xtlocks();
 	if (!ret)
@@ -619,7 +616,7 @@ int kerndat_init_rst(void)
 	if (!ret)
 		ret = get_ipv6();
 	if (!ret)
-		ret = kerndat_loginuid(false);
+		ret = kerndat_loginuid();
 	if (!ret)
 		ret = kerndat_iptables_has_xtlocks();
 	if (!ret)